## GET /api/v2/domains/{id}/dnssec

**List domain DNSSEC records**

Return the domain DNSSEC management state, supported record format, existing DS or KEY records, allowed algorithm/digest enums, and action gates. Use this endpoint before deleting a DNSSEC record because persisted record IDs are returned in dsRecords[].id or keyRecords[].id. This is the manual registrar-record surface. If the domain uses HostUp-managed nameservers such as `primary.ns.hostup.se` and `secondary.ns.hostup.se`, first read `GET /api/v2/domains/{id}/dnssec-auto` and `GET /api/v2/domains/{id}/nameservers`; automatic DNSSEC normally detects the hosted DNSSEC material and publishes the DS record without a manual `POST /dnssec` call. Only add manual DS/KEY data when `actions.canAdd.allowed` is true and the domain needs registrar-side DNSSEC data from an external DNS provider or another supported manual workflow.

### Related Endpoints

- `POST /api/v2/domains/{id}/dnssec`: Add a DNSSEC record
- `DELETE /api/v2/domains/{id}/dnssec/{recordId}`: Delete a DNSSEC record
- `GET /api/v2/domains/{id}`: Get domain details

### Headers

- `Accept`: application/json
- `Authorization`: Bearer YOUR_API_KEY
- Required API scope: `read:domains`

### Parameters

- `id` (path, string, required): Public domain ID. Get it from GET /api/v2/domains `data[].id`. Do not invent this value; use the exact ID returned by the referenced API response. Example: `dom_01hxa3b4c5d6e7f8g9h0j1k2m3`

### Request Example

```bash
curl -X GET "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/dnssec" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"
```

### Response Schema

- `domainName` (string | null, required) Example: `example.se`
- `recordType` (string, required) Example: `DS`
  Allowed values: DS, KEY
- `dsRecords` (array<object>, required)
- `dsRecords[].id` (string | null, required) Example: `dsr_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `dsRecords[].keyTag` (string | null, required) Example: `2371`
- `dsRecords[].algorithm` (string | null, required) Example: `13`
- `dsRecords[].digestType` (string | null, required) Example: `2`
- `dsRecords[].digest` (string | null, required) Example: `5A1D7C1B9E7F4E6A8C2B0D5F9A3E6C7D8B1A2C3D4E5F60718293A4B5C6D7E8F9`
- `keyRecords` (array<object>, required)
- `keyRecords[].id` (string | null, required) Example: `dsr_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `keyRecords[].flag` (string | null, required) Example: `257`
- `keyRecords[].protocol` (string | null, required) Example: `3`
- `keyRecords[].algorithm` (string | null, required) Example: `13`
- `keyRecords[].publicKey` (string | null, required) Example: `p8K3pYwQ5xvM7nR2sT4uV6wX8yZaBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789`
- `allowedAlgorithms` (array<integer>, required)
- `allowedDigestTypes` (array<integer>, required)
- `algorithmNames` (object, required)
- `digestTypeNames` (object, required)
- `status` (string, required) Example: `active`
  Allowed values: active, excluded, unsupported, pending, error
- `reason` (string | null, required)
- `actions` (object, required)
- `actions.canAdd` (object, required)
- `actions.canAdd.allowed` (boolean, required) Example: `true`
- `actions.canAdd.reason` (string | null, required)
- `actions.canRemove` (object, required)
- `actions.canRemove.allowed` (boolean, required) Example: `true`
- `actions.canRemove.reason` (string | null, required)

### Responses

#### 200 - DNSSEC record state for the domain.
```json
{
  "domainName": "example.se",
  "recordType": "DS",
  "dsRecords": [
    {
      "id": "dsr_01hxa3b4c5d6e7f8g9h0j1k2m3",
      "keyTag": "2371",
      "algorithm": "13",
      "digestType": "2",
      "digest": "5A1D7C1B9E7F4E6A8C2B0D5F9A3E6C7D8B1A2C3D4E5F60718293A4B5C6D7E8F9"
    }
  ],
  "keyRecords": [],
  "allowedAlgorithms": [
    8,
    10,
    12,
    13,
    14
  ],
  "allowedDigestTypes": [
    2,
    3,
    4
  ],
  "algorithmNames": {
    "1": "RSA/MD5",
    "2": "Diffie-Hellman",
    "3": "DSA/SHA-1",
    "5": "RSA/SHA-1",
    "6": "DSA-NSEC3-SHA1",
    "7": "RSASHA1-NSEC3-SHA1",
    "8": "RSA/SHA-256",
    "10": "RSA/SHA-512",
    "12": "GOST R 34.10-2001",
    "13": "ECDSA Curve P-256 with SHA-256",
    "14": "ECDSA Curve P-384 with SHA-384",
    "15": "Ed25519",
    "16": "Ed448"
  },
  "digestTypeNames": {
    "1": "SHA-1",
    "2": "SHA-256",
    "3": "GOST R 34.11-94",
    "4": "SHA-384"
  },
  "status": "active",
  "reason": null,
  "actions": {
    "canAdd": {
      "allowed": true,
      "reason": null
    },
    "canRemove": {
      "allowed": true,
      "reason": null
    }
  }
}
```

#### 400 - Invalid request. The response body is an RFC 7807 Problem Details document.
```json
{
  "type": "https://developer.hostup.se/errors/invalid_request",
  "title": "Invalid request",
  "status": 400,
  "detail": "The request body failed validation.",
  "code": "invalid_request",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z",
  "errors": [
    {
      "pointer": "/items/0/domainName",
      "detail": "`domainName` is required.",
      "code": "invalid_request"
    }
  ]
}
```

#### 401 - Unauthorized. Authentication is required.
```json
{
  "type": "https://developer.hostup.se/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication is required.",
  "code": "unauthorized",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 403 - Forbidden. The caller lacks a required scope or does not own the resource.
```json
{
  "type": "https://developer.hostup.se/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "The caller lacks a required scope or does not own the resource.",
  "code": "forbidden",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 404 - Not found. The resource does not exist or is not owned by the caller.
```json
{
  "type": "https://developer.hostup.se/errors/not_found",
  "title": "Not found",
  "status": 404,
  "detail": "The requested resource could not be found.",
  "code": "not_found",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.
```json
{
  "type": "https://developer.hostup.se/errors/rate_limit_exceeded",
  "title": "Too many requests",
  "status": 429,
  "detail": "Too many requests. Retry after the limit resets.",
  "code": "rate_limit_exceeded",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 500 - Internal error. Retry later or contact support if the issue persists.
```json
{
  "type": "https://developer.hostup.se/errors/internal_error",
  "title": "Internal server error",
  "status": 500,
  "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.",
  "code": "internal_error",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```